adding SELinux stuff such that Openstack cloud controller can boot while SELinux is set to enforced

roles/rke2/tasks/setup_host.yml

@@ -20,6 +20,7 @@
       - rke2-selinux
       - ca-certificates
       - openssl
+      - setools-console
       
     state: latest
 
@@ -57,6 +58,31 @@
     name: etcd
     group: etcd
 
+#Download the mozilla root CA into the right directory, and update the trust chain
+- name: Download root CA
+  get_url:
+    url: https://curl.se/ca/cacert.pem
+    dest: /etc/ssl/certs
+
+- name: Update CA trust
+  shell: update-ca-trust
+
+#Let openstack cloud controller access the /etc/ssl/certs directory (SELinux)
+
+- name: Enable SELinux
+  selinux:
+    policy: targeted
+    state: enforcing
+
+- name: Copy SELinux Policies
+  template:
+    src: ../selinux/my-openstackcloud.pp
+    dest: /etc/selinux/targeted/policy/my-openstackcloud.pp
+  
+- name: Activate SELinux Policies
+  shell: semodule -i /etc/selinux/targeted/policy/my-openstackcloud.pp 
+
+
 - name: Ensure /var/lib/rancher/rke2/server/manifests
   file:
     path: /var/lib/rancher/rke2/server/manifests